Category: Cybersecurity

  • Cisco Redefines Security for the Era of the Agentic Workforce

    Cisco (NASDAQ: CSCO) has introduced a comprehensive suite of security innovations designed to support the rapidly evolving agentic AI ecosystem, where intelligent software agents are no longer limited to responding to queries but are increasingly capable of taking action autonomously. Announced at the RSA Conference 2026, these solutions aim to address key barriers to enterprise adoption of AI agents by embedding robust security measures across every stage of the agent lifecycle, from identity and access control to deployment and real-time threat response.

    At the core of Cisco’s announcement is the expansion of Zero Trust Access to AI agents, enabling organisations to establish trusted identities, enforce strict access controls, and ensure full visibility over agentic activities. New capabilities within Cisco Identity Intelligence and Duo Identity and Access Management (IAM) allow enterprises to register and map AI agents to accountable human owners, while Secure Access security service edge (SSE) introduces model context protocol (MCP) policy enforcement and intent-aware monitoring. These advancements ensure that agents operate strictly within defined parameters, reducing the risk of misuse or unauthorised actions.

    To further strengthen AI security, Cisco has launched AI Defense: Explorer Edition, a self-service platform that empowers developers and security teams to test AI models and applications against real-world threats before deployment. Equipped with dynamic red teaming, model validation tools, and API-first integrations, the platform enables organisations to identify vulnerabilities such as prompt injection and jailbreak attempts while embedding robust guardrails into agent workflows. Complementing this is the introduction of the Agent Runtime Software Development Kit (SDK), which integrates policy enforcement directly into the development phase across major AI frameworks.

    Cisco also revealed DefenseClaw, an open-source secure agent framework designed to automate security processes and streamline deployment. By integrating tools such as Skills Scanner, MCP Scanner, AI Bill of Materials (BoM), and CodeGuard, DefenseClaw ensures that AI agents are fully verified, scanned, and inventoried before deployment. Its planned integration with NVIDIA OpenShell further enhances runtime security by providing a sandboxed environment that eliminates manual intervention and accelerates secure scaling of agentic workloads.

    In parallel, Cisco is advancing security operations through new AI-powered innovations within its Splunk platform. These include Exposure Analytics for real-time asset visibility and risk scoring, Detection Studio for streamlined threat detection workflows, and Federated Search for cross-environment data correlation. Additionally, a suite of specialised AI agents—such as Triage Agent, Malware Threat Reversing Agent, and Guided Response Agent—will automate and accelerate security operations, enabling Security Operations Centres (SOCs) to detect and respond to threats at machine speed.

    Cisco’s strategy is built around three key pillars: protecting the world from AI agents, protecting agents from external threats, and enabling rapid detection and response to AI-driven incidents. According to a recent Cisco survey, while 85% of enterprises are experimenting with AI agents, only 5% have deployed them at scale—highlighting the urgent need for trusted security frameworks.

    By embedding security into the foundation of the agentic AI economy, Cisco is positioning itself at the forefront of enabling safe and scalable AI adoption. As organisations continue to explore the transformative potential of AI agents, Cisco’s integrated approach aims to provide the confidence and control needed to unlock innovation while mitigating risk.

  • HONOR Tackles Rising Silent Call Threats in Malaysia with Enhanced AI-Powered Voice Scam Detection

    A rising scam call tactic known as the “silent call” is increasingly worrying Malaysians, as fraudsters use artificial intelligence (AI) to clone voices and impersonate people the victims know in order to demand money transfers. Authorities have urged the public to stay vigilant, especially when receiving calls where the caller remains silent for several seconds. Social media is filled with stories of Malaysians encountering these calls, highlighting the urgent need for protective measures. In response, HONOR is enhancing the Magic8 Pro with a new AI Voice Cloning Detection feature, designed to identify AI-generated voices. This feature will be available via a software update in late December 2025.

    The AI Voice Cloning Detection complements HONOR Magic8 Pro’s existing AI Deepfake Detection, analyzing calls for cloned or synthesized voices and notifying users when anomalies are detected. The necessity for such protection is evident: recent reports include a woman who lost RM5,000 after a voice clone of her employer deceived her, and a travel agent who fell victim to a call mimicking a friend, losing RM49,800. With this feature, users can answer unknown numbers with greater confidence and reduced anxiety.

    In addition, the Magic8 Pro will include AI Scam Number Detection, which cross-checks incoming calls against known scam databases and alerts users if a number is flagged as suspicious. This provides an extra layer of security, helping users avoid potential scams even before answering a call.

    Beyond calls, HONOR has upgraded its AI Deepfake Detection for video calls, now capable of screening up to eight people simultaneously to detect digitally altered faces. With deepfake-related fraud cases investigated by police numbering 454 last year, causing losses of RM2.72 million, these advanced features position the Magic8 Pro as a strong deterrent against AI-driven fraud nationwide.

    HONOR’s dedication to integrating privacy and security into its devices has earned global recognition. Its built-in deepfake detection technology received the TIME Best Inventions 2025 Award for Privacy and Security, underscoring the brand’s commitment to responsible AI innovation and ensuring users remain protected as digital threats evolve.

    For more information, visit HONOR’s official website at www.honor.com/my.

  • The Rising Threat of Fake Reviews Undermining Digital Trust in Malaysia

    In Malaysia, online reviews have become a critical part of consumers’ decision-making, with many relying on genuine feedback before clicking “buy,” “book,” or “order.” A study by Universiti Putra Malaysia highlighted that the authenticity of a review strongly influences purchase intention, underscoring the trust Malaysians place in these opinions. However, this trust is under threat as digital platforms are increasingly flooded with AI-generated reviews, paid click-farm content, and coordinated manipulation campaigns using fake accounts. Google alone removed over 240 million reviews in 2024 for violating policies, a 41.18% increase from the previous year, reflecting the scale of the problem. As fake reviews proliferate, genuine feedback loses significance, leaving consumers unsure whether a recommendation is authentic or automated.

    The consequences of manipulated reviews extend beyond consumer uncertainty. Bots, throwaway accounts, and sophisticated AI-written reviews now dominate online platforms, temporarily inflating product ratings and misleading buyers. When consumers uncover the truth, they feel deceived and often leave genuine negative feedback, creating a cycle of disappointment that erodes trust in both brands and platforms. Small businesses are particularly vulnerable, with some falling victim to scams where fake reviews are posted on Google Maps or other platforms, followed by extortion attempts to remove them. Honest sellers struggle to compete as authentic feedback is buried beneath manipulated ratings, harming reputations and sales.

    The underlying issue lies in outdated verification systems that were designed for a simpler internet. Traditional measures like email verification, phone authentication, and CAPTCHAs are no longer sufficient against modern bots, AI-generated identities, and coordinated fake accounts. While platforms conduct sweeps to remove fraudulent reviews, they are consistently challenged by the speed and scale of synthetic content. Each fake review that bypasses safeguards diminishes platform credibility, leaving consumers skeptical of even genuine feedback and undermining trust in online ratings.

    To restore confidence in digital platforms, verifying the presence of a real human behind an account is becoming essential. Privacy-preserving human verification systems, such as World ID, offer a solution by confirming users’ humanness without exposing personal information. Using tools like the Orb, which captures an image of a user’s face and eyes only to verify they are real before immediately deleting it, platforms can establish authenticity while maintaining privacy. Zero-knowledge proofs then allow users to signal “I’m a real human” without revealing any personal details, creating a foundation for trustworthy online interactions.

    With Malaysia’s digital economy accelerating—e-commerce revenue reached RM937.5 billion in the first nine months of 2025—the integrity of digital interactions is critical. Privacy-preserving human verification provides a practical path to ensure reviews and other online activities are genuine, supporting both consumer trust and business fairness. As Malaysians increasingly rely on digital platforms for everyday decisions, the ability to prove humanness is emerging as a key factor in safeguarding trust, protecting the digital economy, and ensuring that online recommendations continue to serve their intended purpose.

  • Seven Major Vulnerabilities Could Expose ChatGPT to Data Breaches and Account Hijacking

    Critical “HackedGPT” Vulnerabilities Expose ChatGPT Users to Data Theft and Hijacking

    Security researchers at Tenable, an exposure management company, have uncovered seven critical vulnerabilities in OpenAI’s ChatGPT-4o, some of which persist in ChatGPT-5, collectively dubbed HackedGPT. These flaws bypass the model’s built-in safety mechanisms, putting users at risk of privacy breaches and the theft of sensitive information, including stored chats and long-term memories. While OpenAI has remediated some vulnerabilities, several remain unaddressed, leaving exposure paths open to potential attackers.

    The vulnerabilities represent a new class of AI attack known as indirect prompt injection, where hidden instructions embedded in external websites or online content can trick ChatGPT into performing unauthorized actions. The flaws particularly affect ChatGPT’s web browsing and memory features, which process live data and store user interactions. Tenable researchers highlighted two primary attack vectors: “0-click” attacks, triggered simply by asking a question, and “1-click” attacks, initiated by clicking a malicious link. A particularly concerning method, Persistent Memory Injection, allows attackers to plant instructions in ChatGPT’s long-term memory, creating lasting threats that can expose private data across multiple sessions until manually cleared.

    The seven vulnerabilities include indirect prompt injection via trusted sites, 0-click search compromises, 1-click prompt injection, safety mechanism bypass, conversation injection, hidden malicious content, and persistent memory injection. Exploiting these flaws could allow attackers to insert hidden commands, steal sensitive data from connected services like Gmail or Google Drive, manipulate outputs to mislead users, or continuously exfiltrate information from stored memories.

    According to Moshe Bernstein, Senior Research Engineer at Tenable, “HackedGPT exposes a fundamental weakness in how large language models judge what information to trust. Individually, these flaws seem small, but together they form a complete attack chain—from injection and evasion to data theft and persistence. AI systems can be turned into attack tools that silently harvest information from everyday chats and browsing.”

    Tenable recommends that organizations treat AI tools as active attack surfaces, monitor for manipulation or data leakage, reinforce defenses against prompt injection, and establish governance and data-classification controls. The research underscores the importance of continuous testing, safeguards, and responsible use to ensure AI systems protect users rather than compromise them.

    For more information, the full Tenable report on HackedGPT can be accessed here.